Apple & 5 Other Companies Agree to Privacy Protection Principles

Apple, Amazon, Google, Hewlett-Packard, Microsoft, and Research in Motion signed a statement today with the California Attorney General, Kamala Harris, on principles intended to govern personal data collection, use, and privacy by apps and mobile devices. “By collaborating, the Participants have agreed to creative and forward-looking solutions that give consumers greater transparency and control over their personal data without unduly burdening innovative mobile platforms and application developers.”

The statement lists five principles around privacy policies, covering everything from transparency to grievance procedures. The parties have also agreed to meet again in six months to “evaluate privacy in the mobile space.” They also will be looking at the usefulness of education with regarding to mobile privacy.

The first principle states “an application (‘app’) that collects personal data from a user must conspicuously post a privacy policy or other statement describing the app’s privacy practices that provides clear and complete information regarding how personal data is collected, used and shared.” While that does leave room for interpretation, it does seem to be a step forward at a time when surreptitious collection of data is being continuously uncovered.

The second principle is with regards to having developers include links to their privacy policies in their application submission. The third principle asks for a means for users to report non-compliance. The fourth principle requests that the companies have a process for dealing with non-compliance. And the fifth principle has the parties agreeing to continue to work together on this issue.

The statement is a collaborative effort of the signatories and not a legally binding document. However, it is intended to keep these companies focused on being in compliance with California privacy laws.

This agreement SOUNDS good, but my immediate image was the Happy Days episode where Fonzie was teaching Richie how to act like a tough guy: the attitude, the talk, the walk, the posture. It goes ok for a while, but eventually doesn’t work out. Then the Fonz tells him at some point he has to actually pop someone.

Warnings and agreements are a fine step, but there have been and continue to be egregious and widespread privacy violations, including identity theft, due to ignorance, gross negligence and willful malfeasance.

I keep waiting for an Attorney General somewhere, sometime, to develop the huevos to actually pop some company for privacy violations. Maybe Kamala Harris will be the one to do it.

I hate these industry-generated pledges.
They become the gold standard, then the gold standard becomes law, but then someone finds a way to circumvent the letter and intent of the original pledge, and the industry, courts and legislators shrug.

How about a law that says “if you take other people’s personal information, by whatever means, we’re going to hang you by the balls.”